Greenguy's Board


CaptainJSparrow 2004-11-17 05:31 PM

Domain Thief...this guy is trying to steal one of my domains
 
I got an e-mail saying:

Open Sources [Under Registrar: DirectI] has received a request from Victor [teen.ann@mail.ru] on Monday, Nov 15, 2004 for DirectI to become the new registrar of record for (my domain went here).

According to the e-mail, if I do not respond then the transfer will not take place.

My understanding is that if I did not have that domain locked at Godaddy, then under the new ICANN rules, that domain could have been transferred.

A warning, be sure to lock your domains. If I had been on vacation and not seen this e-mail, and I did not have that domain locked, it may have been stolen.

There was also a link to click on to cancel the transfer, which I did. This went to the registrar (DirectI) that was initiating the transfer.

FYI to cover myself, I also called my executive accounts rep at godaddy and informed him. I followed up with an e-mail to him that he immediately replied to. I also sent a letter to the President of Godaddy suggesting an even more secure way that they can protect our domains that we have registered there.

Watch out for that guy, Victor ... teen.ann@mail.ru ... he is obviously a domain thief.

tiny 2004-11-17 05:47 PM

RUN as fast and as far as you can from godaddy. Do a horror search on the board using godaddy.
Don't trust them, my friend. Like I said, do a search and you'll see.

darksoft 2004-11-17 06:57 PM

There have been threads on this board, in this forum, for over a week now. And GoDaddy is not at fault here.

CaptainJSparrow 2004-11-17 08:57 PM

I've read the threads about godaddy as they came out. I really don't think godaddy is at fault...their policy is the same as everyone else's. ICANN pretty much sets the guidelines that all registrars must follow.

In this instance, there was no harm done (so far), because the domain was not stolen by Victor (that fuckin prick!).

I will also mention, that the e-mail that is listed for the admin contact for that account was also put on a bunch of spam lists the same day that Victor tried to steal the domain. I got 498 e-mails in instead of the usual 10 or so.

I'm pretty sure that he did that hoping that I would not see the e-mail regarding the transfer.

tiny 2004-11-17 10:26 PM

I didn't say they were at fault I just said don't trust them is all.
Too many horror stories about them saying there's nothing they can do when peeps' shit gets taken.

CaptainJSparrow 2004-11-17 11:10 PM

My understanding is that once a domain is stolen, the registrar is helpless to do anything about it. The victim must take it up with the agency (I don't remember the name or symbols for that agency) that is in charge of overseeing such problems. I'd imagine that that agency is affiliated with ICANN but don't know for sure.

Sean416 2004-11-18 12:45 AM

I don't mean to knock you too hard, but if you saw all the threads on the boards, got the email from godaddy and still didn't lock your domains, and then went on vacation and lost your domains... I wouldn't feel too sorry for ya. heh.

Opti 2004-11-18 01:30 AM

Quote:

Originally posted by Sean416
I don't mean to knock you too hard, but if you saw all the threads on the boards, got the email from godaddy and still didn't lock your domains, and then went on vacation and lost your domains... I wouldn't feel too sorry for ya. heh.

and

Quote:

There have been threads on this board, in this forum, for over a week now. And GoDaddy is not at fault here.


1) GoDaddy IS at fault... (I promise you that RIGHT NOW.. GoDaddy is undoubtedly at fault.. after 24 hours of digging into this. Some other Registers are vulnerable too though!!)


2) How do all you Brainiacs that keep saying "Just Lock Your Domains and leave GoDaddy" suggest people transfer a domain without un-locking it? And... you could be fucked over in MINUTES after un-locking your domain if you are not aware how these scammers are Phishing for every un-locked domain on godaddy.


That e-mail is sent by, or with the approval of, a Guy named Tooms or Tooma from Portland in Oregon... who has control of an approved ICANN registrar. You can ICQ Him or his manager (not sure which it is) on this ICQ: 45-692-092 if you want to ask him why he is allowing his registry to be used for this scam if you wish... he is quite a piece of work! (If you need an address and phone number to serve this guy, I think I can get it for you from a guy that chased it down from my registry)

Coincidentally this guy's line is basically "I don't care if you are too silly to not lock your domains" Sound familiar people?


It APPEARS the "Decline this Transfer" link could possibly be a scam that will give them proof you have agreed to give your domain away under ICANN rules (a guess from my registry support) He should not be able to hold any more domains as a registry under the current name by now, or soon... but chances are that won't stop him for long.


For Anyone else that gets one of these emails DO NOT CLICK DECLINE..
Go into GoDaddy account management and click on PENDING TRANSFERS.... If nothing shows up in there.... go back there twice per day for the next week at least.... and ONLY click decline in that area.... You have to keep checking this area of the godaddy site whenever you have any domain unlocked... it is the ONLY way to be sure GoDaddy hasn't received a request they are acting on without your knowledge.



If you are mid transfer and get one of these..... Cancel ALL your transfers that are current.... Lock all your domains and Do Not re-start your transfers for at least 2 weeks is my advice.. there really is no way to be certain whose request you approve at GoDaddy at the moment.. so be very very careful once you get any suggestion you are being targeted!

Sorry for caps... but this one is important: THERE IS NO WAY TO DETERMINE WHAT REGISTER IS REQUESTING YOUR DOMAIN FROM WITHIN GODADDY ADMIN ... and GoDaddy can't tell you either.... (Believe me it sounds impossible... but it is definitely true)

BE VERY CAREFUL ABOUT CLICKING APPROVE IN GODADDY ADMIN... if this scammer has managed to fire off their transfer request before you got yours in... OR IF YOUR TRANSFER FAILS.. this scammer's Transfer request will display for approval in your GoDaddy admin instead of your genuine request and there is No Way To Tell.. even by telephoning and asking godaddy to check for you! (I spoke to 5 or 6 different people at GoDaddy.. it isn't just one bad support person.. their system really isn't in place or set up to track this)



I'm going to write a detailed "article" about this, designed to help webmasters with lots of domains spread over many registers protect themselves. I predict many many more people will be caught and lose domains before this system is fixed.

One thing people who do lose domains might like to consider is.... setting up a class action right now against ICANN... apparently them levying a 45 cent fee direct on us, now gives them a direct responsibility to us, instead of just to the registry. (an opinion)

Trax 2004-11-18 04:08 AM

How could you not lock your domains when using Godaddy?
This was very risky.

Opti 2004-11-18 04:29 AM

Quote:

Originally posted by Trax
How could you not lock your domains when using Godaddy?
This was very risky.

Sorry to answer your question with a question... but.. How can you transfer a domain without unlocking it?

And it's not just GoDaddy... the scammers just happen to know GoDaddy are clueless and hit them hardest first.. Several registries appear to be a worse security hole than GoDaddy to me.

CaptainJSparrow 2004-11-18 10:13 AM

I think that this sums up the new ICANN policy:

How a registrar transfer works

1. The new transfer policy still requires the "gaining" registrar to get positive confirmation from the domain owner before submitting the request to the registry. They do this by sending a confirmation request to the domain's admin contact. This has not changed.

2. The domain owner must confirm the transfer as valid by replying to the confirmation request as noted in step 1. This has not changed.

3. Once the domain owner has confirmed a valid request, it is sent to the registry and they pass it along to the "losing" (or current) registrar. This has not changed.

4. The current (losing) registrar sends a second confirmation request to the domain's admin contact. This has not changed.

What's changed
Currently, if the domain owner does not or cannot reply to this "2nd" confirmation request, the losing registrar can, at their discretion, decline the transfer.

As of Nov 12th, the transfer WILL complete even if the domain owner does not reply to the 2nd confirmation request.

Why this matters
It's important to note that the current and long standing policy of OpenSRS and some other respectable registrars is exactly the same as that which will be imposed on all registrars beginning on November 12th, 2004.

Many other registrars used the older policy to hinder the transfer of domains away from their companies. They used all kind-o sneaky tricks to keep domain owners from confirming the second transfer request.

This new policy does not increase the risk of domain hijacking and in fact hinders it because it also imposes requirements that the "gaining" registrar maintain "proof of domain owner authorization" for domains transferring to their system. Further, if the gaining registrar cannot provide proof, upon request, they are subject to a fine of $1500 per incident (domain) plus the possible loss of ICANN accreditation.

swedguy 2004-11-18 10:25 AM

The only registrars that I've seen that have sent out information regarding the new policy are GoDaddy and RegisterFly.
Odd.

CaptainJSparrow 2004-11-18 10:47 AM

You can read up on it here:

http://icann.org/announcements/announcement-12nov04.htm

ClubPussy.com 2004-11-18 10:51 AM

Hummmmmmm ????
 
Again... SCARY....


LOCK UP YOUR DOMAINS PEOPLE....
Do Not let all those hard working hours you've put into your site end up in the toilet. DO IT NOW!

grzepa 2004-11-18 11:19 AM

Quote:

Originally posted by Opti

Several registries appear to be a worse security hole than GoDaddy to me.

Could you name them to make others aware?

Opti 2004-11-18 11:54 AM

Quote:

Originally posted by grzepa
Could you name them to make others aware?

I posted a list of some registry systems in a couple of threads here at GGandJim... and explain a bit more over here... http://www.mainstreamwebmasters.com/...hp?p=1010#1010

I have only personally tried transfers from 2 registers since the change.. Godaddy and a Tucows reseller... If time allows I will do some better research, contact each registry I looked at and ask them to confirm the information is correct, and then write an article to help others... when I know what I am saying rather than just guessing about some things.

Opti 2004-11-18 12:46 PM

Quote:

Originally posted by CaptainJSparrow
I think that this sums up the new ICANN policy:
............

This new policy does not increase the risk of domain hijacking and in fact hinders it because it also imposes requirements that the "gaining" registrar maintain "proof of domain owner authorization" for domains transferring to their system. Further, if the gaining registrar cannot provide proof, upon request, they are subject to a fine of $1500 per incident (domain) plus the possible loss of ICANN accreditation.

Sorry to pop your balloon... But one of the problems here is that the gaining registry can do what they like if they are criminals or can find a way to TRICK you.. (which is what at least one was trying to do)

And the issue at GoDaddy is not with the Verisign or ICANN rules... it is that the GoDaddy system is so poor... and after seeing it firsthand.. I think even a careful and experienced webmaster could be caught out, even webmasters who exactly follow the correct steps.


Have you transferred any domains this week? After transferring 50-60 domains in 5 separate batches, and watching 3 attempts to steal different ones... I'm pretty confident I'd have a good chance of tricking any webmaster here into transferring one of their domains to me, if you start multiple transfer orders soon after each other... then the chances of the scammer grabbing a domain become higher too.

I don't personally know how I could get away with it long term.. but the person who tried to grab some of mine is doing this in a big way and seems to think there is a point to it.

darksoft 2004-11-18 01:11 PM

Out of curiosity, why all the massive domain transfers anyway? I mean honestly. Is it a new sport or something? What's wrong with picking a place and staying there?

CaptainJSparrow 2004-11-18 01:24 PM

No Opti, I am not transferring any domains. I hold with darksoft's theory of picking a place, or a few places, and staying with them.

I don't think that the gaining registry can take a domain without the approval of the owner. This said, caution on the part of all of us is certainly called for. ICANN also allows a 30 day period that you can recall a domain that was stolen, according to what I read on their site. I don't know the specifics on it, but it seems they're trying.

stuveltje 2004-11-18 02:05 PM

I have all my domains at godaddy, about 200+. I have had them for 3 years and I have never had a problem which couldn't be resolved. I am happy with godaddy |violin|

Opti 2004-11-18 03:44 PM

Quote:

Originally posted by darksoft
Out of curiosity, why all the massive domain transfers anyway? I mean honestly. Is it a new sport or something? What's wrong with picking a place and staying there?

Nah, it's not for Sport! I call it business ;- ))

It is more than in a normal week for me, but not that unusual for lots of webmasters. I don't know why it's anyone's business really.. and when I posted this stuff the last question I was expecting to get over and over and over again was "why don't you just lock your domains and not move them?" .... So in the interest of my sanity....... I bought some domains from another webmaster and he gave them to me in a GoDaddy account... I sold a couple... a friend gave me 1.... Also, I had been putting off moving the last domains I still had at godaddy in one group...... as it always felt like a chunk of dollars I didn't "really" need to spend and I had never had a problem at godaddy until last week... That problem, and this new system made it seem like a smart time to move the last ones to the group of registers I do trust. As it turned out it was a crazy time to move the ones that didn't have to be done right now. But I don't really need any more messages trying to explain how dumb I am or how locking my domains will solve all issues please ;)



I don't mean to be rude to anyone (and this isn't directed at you Darksoft) but I've fixed my own problems and I'm done with this for now... If you have 10-15 domains, always buy from one registry, and don't have a need to transfer many domains.. I understand this may not be important to you... if you do make regular domain transfers.. all the info you probably need from me can be found in my various posts about this issue... or e-mail me please. ;)

|peace|


stuveltje: I've probably got a couple of good tips to help you stay safe there. Hit me up on ICQ if you like. 2556404 ;-)

M.D 2004-11-19 09:02 AM

As far as I recall from reading various posts on various threads...

Every time (or at least most of the times) I read about hijacking a domain name, the hijacker has managed to hack into the free email account that was used to register the domain name.

Were there any cases that the attempt to hijack the domain happened using another method other than hacking a free Yahoo or other email account?

I am using Godaddy for several years and never had any problem with them.

ClubPussy.com 2004-11-19 09:53 AM

Quote:

Originally posted by darksoft
Out of curiosity, why all the massive domain transfers anyway? I mean honestly. Is it a new sport or something? What's wrong with picking a place and staying there?

A new Sport? I Wish, I could join. BUT....
Crap, I've always sucked at sports...

Porn Princess 2004-11-19 11:45 AM

Just to let everyone know...gkg.net also sent out a warning email about the change in ICANN rules..and said they were automatically locking every domain they control and that if you want to unlock it, you have to log in and make the change manually. I've never had a problem with them and their customer support is excellent and $8.45 a year to register a domain for 3 years can't be beat IMHO.

Opti....just to make sure I understand, so long as your domains are locked, they can't be stolen, correct? The only time they can be stolen is if you unlock the domain to transfer it?

Thanks

Ann Omness 2004-11-19 01:11 PM

CaptainJSparrow,

DirectI was following the correct procedure. They received a transfer request as the acquiring registrar. They sent a confirmation email to the owner and administrator of the domain (you). If you do not respond to that confirmation, they will NOT accept the transfer, as they stated in their email. I don't see any real cause for concern. If you do nothing at all, your domain stays at GoDaddy.

I will comment that your domain must have been unlocked at GoDaddy in order for someone to even make the transfer request. If you go to DirectI and try to transfer a domain there, the first thing it does is check the lock status. If the domain is locked, you just get an error message telling you that you can't transfer the domain because it's locked. The transfer request doesn't even go in the system in that case.

Opti 2004-11-19 04:39 PM

Quote:

Opti....just to make sure I understand, so long as your domains are locked, they can't be stolen, correct? The only time they can be stolen is if you unlock the domain to transfer it?

Well... as far as I know, registry-lock is fine.

I didn't really want to get into this as I already sound like half a panic merchant :) But there is one other situation where you might want to take extra care.. it really isn't going to affect many people though.

Register-Lock can't be removed without your account password... If you own a .org, .info .biz domain at godaddy... if/when you do transfer it, you will be required to give the gaining register what is called an Auth-Code which you get from GoDaddy.... Most places use a made up code.. GoDaddy decided it would be smart to use your actual account password as the Auth-Code (the one needed to remove register-lock)


So, if you ever do transfer one of these domains out of GoDaddy you would be best to change your account password there afterward.

Quote:

Originally posted by M.D
Were there any cases that the attempt to hijack the domain happened using another method other than hacking a free Yahoo or other email account?

No. they scan for domain status changes. Then request a transfer and hope they can trick you into approving it... My experience with the GoDaddy system makes me believe they will be successful sometimes.


Right now, if 2 transfer requests have come in to GoDaddy for your domain. They won't tell you they have received either yours or the bogus one... and the transfer status menu does not identify the gaining register... so if the bogus request arrives at GoDaddy prior to yours... and you have no idea it has been sent... it will be pretty hard to know that you are being tricked into clicking that approve link, and giving your domain away... until it's way too late.

The scammer may also be hoping that you won't transfer or re-lock the domain fast enough and they will get it by default after 3-5 days... which is what GoDaddy support said is possible. Although I personally doubt that could be correct as lots of people should be screaming already if it was.

The new system, as most people seem to understand it, says they shouldn't be able to get away with any of this. But it looks to me like they can... and it's fairly safe to say the scammer thinks they can too...


If you are alert and don't assume anything when doing transfers it can be done fairly safely... but it's simply not 100% failsafe.. and definitely not as safe as before.

Watch your transfers closely whilst they are proceeding. I doubt the ICANN rules will provide much relief once a domain is gone this way... and you can bet your bottom dollar GoDaddy can't/won't help you...

Most of all, Don't assume it won't happen to you... from what I see.. if you have domains moving out of GoDaddy, particularly any decent value ones, they are a good chance to be targeted.

|smooch|
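A defender-side version of the checks discussed in this thread (keep domains locked, watch for transfers in progress), as an added example that is not from any poster: it reads WHOIS text and flags domains that are unlocked, have a transfer pending, or show an unexpected registrar. The WHOIS records, registrar names and finding codes below are constructed for illustration; REGISTRAR-LOCK, clientTransferProhibited, serverTransferProhibited and pendingTransfer are standard registry status values.

```python
import re

# Statuses that make a registry refuse an inter-registrar transfer request.
# REGISTRAR-LOCK is the older label; the *TransferProhibited values are EPP.
LOCKS = {"registrar-lock", "clienttransferprohibited", "servertransferprohibited"}

# Matches "Status: X" and "Domain Status: X <url>"; captures only the token X.
STATUS_RE = re.compile(
    r"^[ \t]*(?:domain[ \t]+)?status[ \t]*:[ \t]*(\S+)", re.I | re.M)
# Matches "Registrar: X" / "Sponsoring Registrar: X", not "Registrar URL: ...".
REGISTRAR_RE = re.compile(
    r"^[ \t]*(?:sponsoring[ \t]+)?registrar[ \t]*:[ \t]*(.+)$", re.I | re.M)


def parse_statuses(whois_text):
    """Return the set of status tokens found in a WHOIS record, lower-cased."""
    return {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}


def parse_registrar(whois_text):
    """Return the registrar of record, or None if the record does not show it."""
    m = REGISTRAR_RE.search(whois_text)
    return m.group(1).strip() if m else None


def assess(whois_text, expected_registrar=None):
    """Return a list of finding codes for one WHOIS record (empty = nothing to do)."""
    statuses = parse_statuses(whois_text)
    if not statuses:
        # Unparseable record: do not report it as safe.
        return ["NO_STATUS"]
    findings = []
    if "pendingtransfer" in statuses:
        findings.append("PENDING_TRANSFER")   # a transfer request is in flight
    if not statuses & LOCKS:
        findings.append("UNLOCKED")           # transfer requests will be accepted
    registrar = parse_registrar(whois_text)
    if (expected_registrar and registrar
            and registrar.lower() != expected_registrar.lower()):
        findings.append("REGISTRAR_CHANGED")  # domain is no longer where you left it
    return findings


def audit(records, expected_registrar):
    """Assess every record; return only the domains that have findings."""
    report = {}
    for domain, text in records.items():
        findings = assess(text, expected_registrar)
        if findings:
            report[domain] = findings
    return report


# Constructed WHOIS records (not real lookups) covering both status formats.
SAMPLES = {
    "example.com": (
        "Domain Name: EXAMPLE.COM\n"
        "Registrar: Example Registrar A\n"
        "Domain Status: clientTransferProhibited "
        "https://icann.org/epp#clientTransferProhibited\n"),
    "example.net": (
        "Domain Name: EXAMPLE.NET\n"
        "Registrar: Example Registrar A\n"
        "Status: ok\n"),
    "example.org": (
        "Domain Name: EXAMPLE.ORG\n"
        "Sponsoring Registrar: Example Registrar A\n"
        "Domain Status: ok\n"
        "Domain Status: pendingTransfer\n"),
    "example.info": (
        "Domain Name: EXAMPLE.INFO\n"
        "Registrar: Example Registrar B\n"
        "Status: REGISTRAR-LOCK\n"),
}

if __name__ == "__main__":
    for domain, findings in audit(SAMPLES, "Example Registrar A").items():
        print(f"{domain}: {', '.join(findings)}")
```

Run on a schedule against saved WHOIS output for each domain you own, this gives a record of lock and transfer state that does not depend on any e-mail alert arriving.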

stuveltje 2004-11-19 04:57 PM

When I sold analbitch-pornlist.com last time, I was surprised that the guy who bought it said I just can ask for the domain at godaddy, but for real he couldn't, I had to give the info for the new domain owner, he couldn't get it like he told me. I am pretty sure I am safe there, but still thanks for the info opti!!! |waves|

HC-Majick 2004-11-19 05:15 PM

I had an over anxious client try to initiate a transfer of a locked domain I had at godaddy right after he paid for a website. The transfer was blocked immediately due to it being locked. I just transferred a domain into my godaddy account a couple days ago and when the transfer completed, the domain showed up as locked in my godaddy account.

plateman 2004-11-19 06:47 PM

Well, reading all this I emailed my domain registrar to ask about how to lock mine and here's what they said. I will not say who they are, and a clue - they are expensive..

Dear marc
Thank you for contacting....

We do not have the "lock" facility available to domain name holders at present as the new transfer policy is so secure that Lock is now more of a perceived need than an actual requirement


There has been some confusion regarding the New ICANN Transfer Registrar Policy that will be officially implemented by the registrar community on 12 November 2004.


Despite reports to the contrary, the new Policy will have a positive impact on registrants and registrars which follow the new Policy, by clarifying and improving the Registrar Transfer process. It makes no other substantial changes.

The new Policy now enforces the spirit of the original Registrar Transfer process by providing explicit guidelines on matters that have been of concern in the past to the Registrar and Registrant community, and which have restricted Registrants ability to transfer their domain names between Registrars. It clearly dictates what Registrars can and cannot do, and prohibits Registrars from practices which may have occurred in the past in which Registrants were caused confusion.


Under the new transfer policy, Registrants will be safer and will have greater freedom to transfer their domains to any ICANN-accredited registrar of their choice.



The new Policy ( http://www.icann.org/transfers/policy-12jul04.htm ) outlines that:


i. All registrars must only use a clear standardized form of authorization as outlined by ICANN to obtain the express consent of the registrant prior to initiating a transfer. Authorisation forms are not to contain any other text not related to the actual transfer request.


Benefit- This means that Registrars or their agents can no longer solicit transfers by sending confusing, deceptive or intentionally misleading emails to Registrants, which will assist in preventing customers from making uninformed decisions.



ii. The administrative contact remains as the authorising entity and Registrars cannot initiate a transfer unless they have received explicit approval, either electronically from the same or by a physical process which involves certified identification.


Benefit- Registrants will be safer from any risk of having their domains transferred to another registrar without their explicit consent.



iii. The new policy prohibits Registrars from denying outgoing transfers on the basis of a registrant's alleged failure to "double-confirm" the transfer. This process is commonly referred to as 'Auto-knacking'.


Benefit- The new policy will prohibit Registrars from denying outgoing transfers on the basis of a Registrant's alleged failure to "double- confirm" the transfer. Under the old policy, some transfer requests that had already been authenticated by the gaining Registrar were denied by the losing Registrar if technical problems, spam filters, language difficulties or other issues resulted in a Registrant not responding to a secondary confirmation e-mail from the losing Registrar. Losing Registrars will still be able to send a message to a Registrant that has authorized an outgoing transfer, but a clear and concise standardized form of message must be used, and the Registrar will not be allowed to deny the transfer if a response is not received from the Registrant.



iv. The new transfer policy includes a robust dispute resolution policy for resolving disputes between Registrars involving alleged violations of the policy. As part of this mechanism, registries will be implementing a "transfer undo" functionality in order to be able to efficiently reverse any transfers initiated in violation of the policy.


Benefit- If there is dispute, it will be dealt with using appropriate processes and if necessary by independent arbitration.

Regards

stev0 2004-11-19 10:51 PM

I remember back when you actually had to fill out a huge form to transfer registrars and it would take weeks to get the transfer approved... my how the times have changed.

Glad to hear that asshole didn't get your domain.

Opti 2004-11-20 01:19 PM

Well done Plateman!
Quote:

Originally posted by plateman
i. All registrars must only use a clear standardized form of authorization as outlined by ICANN to obtain the express consent of the registrant prior to initiating a transfer. Authorisation forms are not to contain any other text not related to the actual transfer request.


Benefit- This means that Registrars or their agents can no longer solicit transfers by sending confusing, deceptive or intentionally misleading emails to Registrants, which will assist in preventing customers from making uninformed decisions.

Hmmm.. if they can no longer solicit transfers by sending confusing, deceptive or intentionally misleading emails... I must be delusional... as that appears to be exactly what is happening!

Although I am sure ICANN would argue the actual text in the E-Mails being sent isn't deceptive.... so it isn't a fault with their system. :\


Chances are your register still is secure Plateman.. even without a lock service. If you wanted to put your mind at ease, I would get 2 people with other register accounts to try and transfer one of your domains away at the same time and see how easy it is to spot what has happened from within your registry admin area.. and from any email alerts they send you. Is there any chance that you might not realise what had happened? Do both requests show up in your admin area or just one? Does it prominently show you the name of the gaining register and/or details of the person making the request in your admin area? Try and imagine you have started a valid transfer and someone has targeted you and sent one of their own.. if you weren't expecting it, is there any possibility of accidentally clicking approve on the wrong transfer request?

If that all looks well thought out you are probably better off there with no register-lock than being at GoDaddy with it imho.

Then ignore the e-mails that come from the requesting registries and see what happens. They will certainly fail.. but, if they haven't emailed you alerts already, you want to see if your registry will have some record there so you know the attempts had been made if you only login irregularly.


You can't rely on receiving an email from the registry used by the scammer to alert you... for one, a scammer would simply have to use an email address like viagra_casino@mail.com and have many people's own spam filters ensure you don't get the email.



*** Interesting Development ***
There was an attempt made to transfer away one of the same domains again, in the last few hours. It is not at GoDaddy now.. and it IS on register-lock

If it is not possible to request a transfer for a locked domain under these rules... then how did this happen?

I have a theory how it can happen.... But I will talk to my registry and work out for sure what has occurred.. and let the thread know.

|goodnight

CaptainJSparrow 2004-11-21 07:22 AM

Hi Ann,

I'm not familiar with DirectI but what you say does make sense. Their letter did state that if I did not approve the transfer then nothing would happen. It also gave me a link to click on to cancel the transfer, which I did.

You are also correct, that prior to the 15th my domain was not locked. It was supposed to be, but through a communication error between my godaddy rep and me it did not happen. I caught it prior to the transfer request, and locked it.

The purpose of my post was more to bring attention to everyone of the value of locking domains and to point out the name and e-mail address of the domain thief.


All times are GMT -4.